Parse x509v3 certificates and PKCS7 signatures
Project description
This is a fork of a fork of a fork of the original project:
py3x509 - Python library for parsing X.509 Copyright (C) 2009-2012 CZ.NIC, z.s.p.o. (http://www.nic.cz)
Forked from https://github.com/ph4r05/px509
Forked from https://github.com/erny/pyx509
Forked from https://github.com/hiviah/pyx509
Updates by me rename the module to ‘x509’ and update to Python3 only.
Copyright (C) 2017 <siege@siege.org> (https://github.com/cniemira/py3x509)
Work in progress!
Description
This is probably the most complete parser of X.509 certificates in python.
Code is in alpha stage! Don’t use for anything sensitive. I wrote it (based on previous work of colleagues) since there is no comprehensive python parser for X.509 certificates. Often python programmers had to parse openssl output.
Advantages
I find it less painful to use than parsing output of ‘openssl x509’ somewhat stricter in extension parsing compared to openssl
Disadvantages
It’s slow compared to openssl (about 2.3x compared to RHEL’s openssl-1.0-fips)
Currently not very strict in what string types in RDNs it accepts
API is still rather ugly and has no documentation yet; code is nasty at some places (and there’s some old dangling code like pkcs7/verifier.py)
Dependencies
pyasn1 >= 0.1.7
Installation
Install with pip:
pip install py3x509
License
LGPL v2 or later.
See LICENSE.txt.
Known bugs and quirks
Subject alternative name doesn’t show all subtypes, but ‘DNS’, ‘dirName’ and ‘email’ are supported.
Name constraints don’t distinguish among various GeneralName subtypes
Some extensions are not shown very nicely when put in string format
Not all extensions are supported
String types accepted for various RDN subelements are rather too permissive
RDN string conversion does not conform to RFC 4514
Badly formed extensions are ignored if not marked critical
easy to switch to more strict behavior
other clients do this as well; RFC 5280 specifies behavior for unknown elements in extensions in appendix B.1, but does not cover all cases (e.g. element exists, but with string type different from spec)
TODO
Cleanup: This module has it’s own pyasn1 models. Look if we can reuse the pyasn1_modules.rfc2459 X509 cert model.
Cleanup: Currently, the signature verifier does not work.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file x509-0.1.tar.gz
.
File metadata
- Download URL: x509-0.1.tar.gz
- Upload date:
- Size: 28.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 14588a6a33e268a9cd6a08fd05b7f6069d6d1ed86a37c152f6aedf9d31304cdc |
|
MD5 | 4dd14beef16baf30567c8e3c4c9b03d2 |
|
BLAKE2b-256 | cb765b25f32283ff5bb7dcc1ab2b1c909e2b899804c89db0444ebe85ca8d6f49 |